David Howells <dhowe...@redhat.com> wrote:
> If a certificate is self-signed, don't bother checking the validity of the
> signature. The cert cannot be checked by validation against the next one
> in the chain as this is the root of the chain. Trust for this certificate
> can only be determined by whether we obtained it from a trusted location
> (ie. it was built into the kernel at compile time).
> This also fixes a bug whereby certificates were being assumed to be
> self-signed if they had neither AKID nor SKID, the symptoms of which show
> up as an attempt to load a certificate failing with -ERANGE or -EBADMSG.
> This is produced from the RSA module when the result of calculating "m =
> s^e mod n" is checked.
Oops - I forgot to change the patch description.
To unsubscribe from this list: send the line "unsubscribe
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html